Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Haifa


Aliases:


Haifa

Malware
Virus
W32

Summary

This virus contains following text string:

HAIFA VIRUS V1.12
        WRITTEN BY Y.S
        GUEST STARS T.S. & I.F.
        MADE IN ISRAEL
        I AM TIRED. PLEASE WAKE ME UP ON TUE 12.4.3456
        PRESS RESET TO CONTINUE...



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

The virus searches specifically for files with ASM, PAS, TXT and DOC extensions (as well as COM and EXE).

ASM files have the first 76 bytes overwritten with a assembler routine which is designed (when assembled) to overwrite the beginning of the first hard drive with garbage.

PAS files have the first 23 bytes overwritten with the text:

CONST VIRUS= "HAIFA";

TXT and DOC files are corrupted by having text inserted at approximate half-way point:

OOPS!  Hope I didn't ruin anything!!!
        Well, nobody reads those stupied DOCS anyway!

Although this virus has no stealth capability, it contains a self-modifying encryption routine such that each infection appears differently on disks.







Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.